The cryptographic module supporting encryption of the certificate store must be FIPS 140-2 validated.


Overview

Finding ID: V-32708
Version: WIR-MOS-iOS-65-10
Rule ID: SV-43054r1_rule
IA Controls: DCNR-1
Severity: Medium

Description
The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140-2 validation provides assurance that the relevant cryptography has been implemented correctly. FIPS validation is also a strict requirement for use of cryptography in the Federal Government.

STIG: Apple iOS 6 Interim Security Configuration Guide (ISCG)
Date: 2013-01-17

Details

Check Text (C-41071r3_chk)
The certificate store in iOS does not meet this requirement.

Review a sample of site managed devices (3-4), interview the IAO, and review product documentation.

Verify the site uses a security container application that contains a certificate store that is FIPS 140-2 validated. Review system documentation to identify the FIPS 140 certificate for the cryptographic module. Visit the NIST web site http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm to verify the certificate is still valid.

If the security container application is not currently FIPS validated, this is a finding.

Fix Text (F-36606r1_fix)
Stop using the operating system until the vendor has obtained FIPS validation, or install a third-party product that contains a FIPS-validated cryptographic module providing the same services as the operating system’s non-FIPS-validated implementation of cryptography.